Kambwiri, Lloyd

Abstract [en]

The aim of this Thesis is to assess information security management at Chancellor College. Universities are repositories of important information by the very nature of business they conduct. Thus thousands of students and hundreds of staff commit important personal information to Universities for studentship and employment purposes respectively. Universities must secure this information amid a unique need to provide open access to systems for use by different groups of people; staff, students, visitors, etc. While literature points at the need for open access owing to intellectual freedom, the need to ensure information security cannot be compromised. Each university has its own unique setting, culture, and experiences that necessitate a focused study of this nature. In this study we take a deep look at the information security practices and experiences at Chancellor College in light of International Standards for information security as well as other prominent publications used to define the baseline requirements for information security. In the end it transpires that even in the midst of sufficient finances, information security can still go awry. The study concludes that major challenges exposed by other studies of both universities and the corporate institutions worldwide namely policy issues, academic freedom, organisation culture, user awareness, staffing, top management support, ICT infrastructure are the same challenges that Chancellor College is facing. These problems, except academic freedom, are not unique to higher education. The findings of this study contribute to existing literature on information security organisations, in particular higher education sector.